Smart Grid Security: Threats, Challenges, and Solutions
The cyber-physical nature of the smart grid has rendered it vulnerable to a
multitude of attacks that can occur at its communication, networking, and
physical entry points. Such cyber-physical attacks can have detrimental effects
on the operation of the grid as exemplified by the recent attack which caused a
blackout of the Ukrainian power grid. Thus, to properly secure the smart grid,
it is of utmost importance to: a) understand its underlying vulnerabilities and
associated threats, b) quantify their effects, and c) devise appropriate
security solutions. In this paper, the key threats targeting the smart grid are
first exposed while assessing their effects on the operation and stability of
the grid. Then, the challenges involved in understanding these attacks and
devising defense strategies against them are identified. Potential solution
approaches that can help mitigate these threats are then discussed. Last, a
number of mathematical tools that can help in analyzing and implementing
security solutions are introduced. As such, this paper will provide the first
comprehensive overview on smart grid security.
Business Risks: When IS Fails to Detect Circumvention Activities
A business must recognize and address various risk factors when establishing and maintaining its information system. The overall risk to management is that the control environment does not protect proprietary business data and the financial reporting system that produces financial statements and other information used by investors, creditors and regulatory agencies. These risks require that management implement efforts to ensure the integrity and effectiveness of control procedures over business activities while being aware of additional system issues such as failing to adequately consider other risks which are more business-oriented including the risk of failing to prevent or detect fraudulent or illegal activities. Worldwide in 2008 the value of economic data stolen was estimated to be a trillion dollars. After the public outcry from the business failures such as Enron there were efforts by the U.S. government, business community and the accounting profession to strengthen business control environments to better address such risk factors and thereby improving the quality of financial data. One result of these efforts has been that businesses are guided by the features of the Sarbanes-Oxley Act (2002) and efforts by COSO (2007) which indirectly allude to but do not specifically address these risk factors in a technology-based business environment. Currently almost all records maintained by a business organization are now in an electronic format with over two-thirds never converted to hard copy. The integral nature of a networked system necessitates having adequate control aspects that ensure the confidentiality of business proprietary data and to ensure this data is not stolen or misused. One aspect of this issue is that of insider hacking to transfer or misuse proprietary business data. This issue and recommendations for management and their auditors are reported in this research
Honeypots in the age of universal attacks and the Internet of Things
Today's Internet connects billions of physical devices. These devices are often immature and insecure, and share common vulnerabilities. The predominant form of attacks relies on recent advances in Internet-wide scanning and device discovery. The speed at which (vulnerable) devices can be discovered, and the device monoculture, mean that a single exploit, potentially trivial, can affect millions of devices across brands and continents.
In an attempt to detect and profile the growing threat of autonomous and Internet-scale attacks against the Internet of Things, we revisit honeypots, resources that appear to be legitimate systems. We show that this endeavour was previously limited by a fundamentally flawed generation of honeypots and associated misconceptions.
We show with two one-year-long studies that the display of warning messages has no deterrent effect in an attacked computer system. Previous research assumed that they would measure individual behaviour, but we find that the number of human attackers is orders of magnitude lower than previously assumed.
Turning to the current generation of low- and medium-interaction honeypots, we demonstrate that their architecture is fatally flawed. The use of off-the-shelf libraries to provide the transport layer means that the protocols are implemented subtly differently from the systems being impersonated. We developed a generic technique which can find any such honeypot at Internet scale with just one packet for an established TCP connection.
We then applied our technique and conducted several Internet-wide scans over a one-year period. By logging in to two SSH honeypots and sending specific commands, we not only revealed their configuration and patch status, but also found that many of them were not up to date. As we were the first to knowingly authenticate to honeypots, we provide a detailed legal analysis and an extended ethical justification for our research to show why we did not infringe computer-misuse laws.
Lastly, we present honware, a honeypot framework for rapid implementation and deployment of high-interaction honeypots. Honware automatically processes a standard firmware image and can emulate a wide range of devices without any access to the manufacturers' hardware. We believe that honware is a major contribution towards re-balancing the economics of attackers and defenders by reducing the period in which attackers can exploit vulnerabilities at Internet scale in a world of ubiquitous networked `things'.
Premium Research Studentship, Department of Computer Science and Technology, University of Cambridg
Cyber Attack Challenges and Resilience for Smart Grids
Date of Acceptance: 31/08/2015. Peer reviewed. Postprin
Enabling sustainable power distribution networks by using smart grid communications
Smart grid modernization enables integration of computing, information and communications capabilities into the legacy electric power grid system, especially the low voltage distribution networks where various consumers are located. The evolutionary paradigm has initiated worldwide deployment of an enormous number of smart meters as well as renewable energy sources at end-user levels. The future distribution networks as part of advanced metering infrastructure (AMI) will involve decentralized power control operations under associated smart grid communications networks. This dissertation addresses three potential problems anticipated in the future distribution networks of smart grid: 1) local power congestion due to power surpluses produced by PV solar units in a neighborhood that demands disconnection/reconnection mechanisms to alleviate power overflow, 2) power balance associated with renewable energy utilization as well as data traffic across a multi-layered distribution network that requires decentralized designs to facilitate power control as well as communications, and 3) a breach of data integrity attributed to a typical false data injection attack in a smart metering network that calls for a hybrid intrusion detection system to detect anomalous/malicious activities.
In the first problem, a model for the disconnection process via smart metering communications between smart meters and the utility control center is proposed. By modeling the power surplus congestion issue as a knapsack problem, greedy solutions for solving such problem are proposed. Simulation results and analysis show that computation time and data traffic under a disconnection stage in the network can be reduced.
In the second problem, autonomous distribution networks are designed that take scalability into account by dividing the legacy distribution network into a set of subnetworks. A power-control method is proposed to tackle the power flow and power balance issues. Meanwhile, an overlay multi-tier communications infrastructure for the underlying power network is proposed to analyze the traffic of data information and control messages required for the associated power flow operations. Simulation results and analysis show that utilization of renewable energy production can be improved, and at the same time data traffic reduction under decentralized operations can be achieved as compared to legacy centralized management.
In the third problem, an attack model is proposed that aims to minimize the number of compromised meters subject to the equality of an aggregated power load in order to bypass detection under the conventionally radial tree-like distribution network. A hybrid anomaly detection framework is developed, which incorporates the proposed grid sensor placement algorithm with the observability attribute. Simulation results and analysis show that the network observability as well as detection accuracy can be improved by utilizing grid-placed sensors.
Finally, a number of future works have also been identified to further the associated problems and proposed solutions.